I apologize if this is somewhat off topic, but I was curious if anyone could share any good ideas on what products or solutions they may use for command execution. We manage a fleet of disparate operating systems (primarily Windows), and I have been hoping to make a case internally to move away from our current "all in one" solution and shift to a combination of osquery/Fleet with some type of command execution (similar to Salt). Ideally I'd like to integrate the two so that if an event like a disk space condition or service failure fires from an osquery pack, an action can be taken against the machine.
10/26/2020, 8:35 PM
I would look at SOAR-type platforms like Splunk Phantom that are designed to automate actions.
10/26/2020, 8:49 PM
Thanks! I guess I have typically thought of SOAR as being primarily in the security incident response space, but we are looking to be able to have things like a remote command prompt on the machine. I'll look into Phantom more, as I've seen it in passing but never really investigated it.